[Caution] JST airdrop PHISHING SCAM on Steem / Phishing Scam auf Steem - es gibt keinen Airdrop!

in #scam18 days ago

Currently there is a scammer sending messages, leaving comments etc on Steem about an alleged JST airdrop for STEEM holders. This is a reminder to not follow any links you receive in comments or messages on blockchain and even if you do, to not enter your keys in any case.


Hier nur mal kurz auf Deutsch. Es gibt keinen JST Airdrop wie in Kommentaren auf Steem behauptet wird. Es handelt sich hierbei um einen SCAM! Wer seine Keys auf der verlinkten Seite eingegeben hat, sollte so schnell wie möglich sein Passwort ändern. Weiter mit Details nun auf Englisch:


The above comment is being spread on various Steem posts using old accounts that have been inactive for a long time and have been hacked at some earlier point. Some of the accounts that I checked have been hacked in early 2018.

The comments like to a website with the url https://www.justnetwork.tech/, which claims to offer a 1000 JST airdrop for the Steemit community. Clicking the "claim now" button links to a fake Steemconnect site that wants you to enter your keys. The site is obviously fake, which you can see from many hints. For example the url is not steemconnect but something with justnetwork, the overall appearance is slightly different from the original SC and, probably the most obvious fact, you can enter anything you want and it will give you this confirmation page:


The stolen funds are being transferred to this account:


and later forwarded to:


Another account that has received funds earlier is:


The hacker used @mxcsteem to cash out the funds, his memo code is 100205. Some other (older) exchange memo codes associated with the accounts are:


@bittrex 541e4998572d432da02, 73cf5f7177fa49e5b02, f8d7e4b95e384d7bb16
@huobi-pro 138958
@deepcrypto8 (Binance) 101441751

Checking both of the used domains on whois.domaintools shows that the URL were registered 4 days ago:


But I couldn't find any relevant information on it.

Remember: Never give out your keys or click on unknown links and always question everything strangers try to "gift" to you.


Danke Dir!

LG Michael


Das Script bei der Domain mit .tech verwendet einen Miner im Hintergrund.
Das Script bei der Domain .my.id ist schickt die Daten an die Datei "do.php" dies wird bestimmt in einer Text Datei gespeichert.

Du hast ein Upvote von mir bekommen, diese soll die Deutsche Community unterstützen. Wenn du mich unterstützten möchtest, dann sende mir eine Delegation. Egal wie klein die Unterstützung ist, Du hilfst damit der Community. DANKE!

Du wurdest als Member von @investinthefutur gevotet!
Dazu noch ein kleines !BEER

Hey @okean123, here is a little bit of BEER from @investinthefutur for you. Enjoy it!

Learn how to earn FREE BEER each day by staking your BEER.

@mima2606 denkt du hast ein Vote durch @investinthefutur verdient!
@mima2606 thinks you have earned a vote of @investinthefutur !

Your contribution was curated manually by @mima2606
Keep up the good work!